Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS13444.roa
File:                     AS13444.roa (raw, json)
Hash identifier:          dRPNediCpvXptS4+e3Ye/DuU1BC05gwu0Yc5Ns6Ihro=
Subject key identifier:   03:BB:D7:78:52:E0:91:53:51:F7:A1:60:75:5C:EA:D4:0C:B9:ED:25
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       6546DF6A5E11CBE5A6D5410096DFFC0DCB103337
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS13444.roa
Signing time:             Sun 11 Feb 2024 04:05:12 +0000
ROA not before:           Sun 11 Feb 2024 04:00:12 +0000
ROA not after:            Sun 09 Feb 2025 04:05:12 +0000
asID:                     13444
IP address blocks:        191.101.179.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            65:46:df:6a:5e:11:cb:e5:a6:d5:41:00:96:df:fc:0d:cb:10:33:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Feb 11 04:00:12 2024 GMT
            Not After : Feb  9 04:05:12 2025 GMT
        Subject: CN=03BBD77852E0915351F7A160755CEAD40CB9ED25
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:c3:99:f4:de:9f:fc:57:06:b6:ea:c3:40:19:
                    69:b3:6d:84:7c:9f:52:74:cc:ec:f9:e0:61:9f:fd:
                    47:cf:5f:fe:38:57:be:f5:ad:9a:65:02:f6:2c:51:
                    54:51:df:af:ff:81:c8:a8:03:5c:f1:a1:89:58:48:
                    66:fb:1b:c8:b3:6d:22:ba:a6:f7:08:05:74:74:3d:
                    ae:f1:82:c3:68:6f:1b:d8:48:98:ac:c9:13:66:3c:
                    a1:50:98:d8:bd:f7:24:f3:62:78:2b:d1:d5:25:06:
                    98:df:ac:1d:25:2d:06:20:cc:ee:22:7c:ca:d7:8d:
                    21:bc:89:e8:51:b5:ad:40:90:ea:cf:81:db:d7:5c:
                    69:71:c7:b5:02:b5:4b:11:db:fa:b1:be:d6:8a:20:
                    5a:b1:2d:8f:64:11:fc:2f:3e:9c:64:e6:fd:8a:bb:
                    e7:de:23:01:1f:94:b3:5d:ff:f3:f8:7f:2c:e6:16:
                    51:cf:f4:53:a6:9b:fb:d1:af:14:db:57:13:08:a0:
                    ab:8b:51:e3:3f:e8:18:58:32:d0:f7:6d:89:69:97:
                    64:38:1a:6a:7a:bf:af:9b:0f:ab:75:83:c7:f8:cc:
                    5a:73:ee:bb:64:b5:be:8f:0e:f9:24:a9:b2:e4:87:
                    c3:9c:3f:bf:10:9c:62:a0:44:55:8f:c0:6b:f4:54:
                    77:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:BB:D7:78:52:E0:91:53:51:F7:A1:60:75:5C:EA:D4:0C:B9:ED:25
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS13444.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.101.179.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:0f:4a:0a:f1:4b:67:91:96:f9:76:80:9c:20:e5:61:e8:aa:
         b8:71:92:7f:13:5b:b4:06:a7:01:ef:00:73:8b:c0:fc:a0:25:
         c5:bf:b2:d7:ef:48:22:36:af:19:cd:f4:ff:79:0a:5a:bc:4b:
         cd:62:0c:e8:7c:ec:88:1f:28:9e:a6:c5:0b:79:60:a3:4c:16:
         aa:48:64:df:1c:6c:ae:43:5f:c5:e3:c2:5c:17:b5:1e:3d:f0:
         f8:7a:13:d5:6f:c4:a4:aa:fd:5e:bf:b8:24:bc:27:4d:93:b7:
         bd:d4:63:41:07:a5:5d:f5:03:c1:39:9c:fb:0b:75:3f:29:83:
         26:48:4a:94:c9:83:f5:8f:fa:e1:60:a6:8f:e4:21:e9:40:1b:
         62:02:01:4e:c1:17:d5:f3:85:cd:24:ea:d7:c6:f4:f4:e4:74:
         96:43:5b:0d:c2:b8:a8:d5:50:8a:ad:36:db:7b:aa:1f:b3:e6:
         f2:a3:f0:13:59:38:10:c6:bd:4c:34:51:07:bc:bf:3a:99:12:
         53:cf:55:91:bc:6e:fe:71:28:80:de:77:45:99:c5:0a:ee:79:
         7e:a9:84:db:3e:cf:81:d5:9b:b4:77:ab:d7:50:6b:58:94:60:
         b4:d4:07:f3:26:88:dc:9b:1f:49:68:2b:8b:9f:25:f1:29:6d:
         b3:e0:ce:e1
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUZUbfal4Ry+Wm1UEAlt/8DcsQMzcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDAyMTEwNDAwMTJaFw0yNTAyMDkwNDA1MTJaMDMxMTAvBgNV
BAMTKDAzQkJENzc4NTJFMDkxNTM1MUY3QTE2MDc1NUNFQUQ0MENCOUVEMjUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCfw5n03p/8Vwa26sNAGWmzbYR8
n1J0zOz54GGf/UfPX/44V771rZplAvYsUVRR36//gcioA1zxoYlYSGb7G8izbSK6
pvcIBXR0Pa7xgsNobxvYSJisyRNmPKFQmNi99yTzYngr0dUlBpjfrB0lLQYgzO4i
fMrXjSG8iehRta1AkOrPgdvXXGlxx7UCtUsR2/qxvtaKIFqxLY9kEfwvPpxk5v2K
u+feIwEflLNd//P4fyzmFlHP9FOmm/vRrxTbVxMIoKuLUeM/6BhYMtD3bYlpl2Q4
Gmp6v6+bD6t1g8f4zFpz7rtktb6PDvkkqbLkh8OcP78QnGKgRFWPwGv0VHfjAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUA7vXeFLgkVNR96FgdVzq1Ay57SUwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTM0NDQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC/ZbMw
DQYJKoZIhvcNAQELBQADggEBAF8PSgrxS2eRlvl2gJwg5WHoqrhxkn8TW7QGpwHv
AHOLwPygJcW/stfvSCI2rxnN9P95Clq8S81iDOh87IgfKJ6mxQt5YKNMFqpIZN8c
bK5DX8XjwlwXtR498Ph6E9VvxKSq/V6/uCS8J02Tt73UY0EHpV31A8E5nPsLdT8p
gyZISpTJg/WP+uFgpo/kIelAG2ICAU7BF9Xzhc0k6tfG9PTkdJZDWw3CuKjVUIqt
Ntt7qh+z5vKj8BNZOBDGvUw0UQe8vzqZElPPVZG8bv5xKIDed0WZxQrueX6phNs+
z4HVm7R3q9dQa1iUYLTUB/MmiNybH0loK4ufJfEpbbPgzuE=
-----END CERTIFICATE-----